3 overlooked endpoints for cyber attacks and how to protect them
Credit to Author: Trend Micro| Date: Thu, 16 Mar 2017 17:23:17 +0000
You probably think you have endpoint security covered. After all, organizations have been securing end-user desktop and laptop computers for decades with anti-virus software and other cyber security programs. Because of these steps, you think you're not at risk of an endpoint-initiated attack. However, NTT Security's 2015 Global Threat Intelligence Report found that 70 percent of the top vulnerabilities reside within user systems, making the endpoint the most common starting point for breaches. Even if you're confident that you have all of your cyber security bases covered, there are three commonly overlooked endpoints that might just be the biggest vulnerabilities in your network:
1. Mobile devices
Connectivity, convenience and flexibility are becoming higher priorities for employees, and mobile devices are the clear answer for meeting those needs. Many organizations have established bring-your-own-device policies, enabling workers to use their personal smartphones and tablets for work-related purposes.
The problem is that this initiative can introduce security vulnerabilities if devices aren't managed, updated and secured properly. Therefore, organizations must take steps to ensure a compromised mobile device doesn't lead to a breach of sensitive information. Keep your device's operating system and applications up to date to cover potential vulnerabilities.
Outdated operating systems and malware are problems that can be easily avoided, but a number of issues come up when considering third-party applications. Security researcher Will Strafach found 76 popular apps within Apple's official store that failed to use the Transport Layer Security protocol, which means those apps could allow for a man-in-the-middle attacks. And that could easily result in the theft of data, without security teams being any the wiser that a data breach occurred. Company IT teams must thoroughly vet programs before approving them and educate employees on which ones aren't safe to use. A corporate-owned, personally enabled plan may work better to provide some flexibility without sacrificing security.
"Most routers have authentication measures that can be easily bypassed."
2. Routers
A router serves as a direct entrance to a network, which could mean trouble for a business that hasn't activated security capabilities for this endpoint. If hackers manage to compromise these devices, they can easily change router settings to send individuals to malicious sites which can gather personal and corporate data like financial account information and sensitive files. Trend Micro research found a router was infected with DNS-changing malware and directed one user to spoofed pages of third-party sites used by banks. The victim only identified the cyber security problem after noticing that $955 was missing from their account.
Most routers have authentication measures and predefined credentials that hackers can easily bypass with web-based scripts and brute-force attacks. The problem is, many organizations use default passwords for these endpoints or remove backdoors after it's too late. Businesses should use a complex password including at least one uppercase letter, one number and a special character. Beyond practicing and encouraging standard password hygiene, IT admins should implement security tools that monitor unusual activity on these endpoints and flag suspicious actions, allowing organizations to respond quickly in the event of an attack.
3. Printers and fax machines
It's easy to overlook printers and fax machines when it comes to endpoint security as these devices might be stationed in a corner or used only occasionally – and hackers know this. That makes these machines particularly vulnerable to cyber attacks. As more of these devices allow employees to access them via the cloud, more vulnerabilities will emerge. Fortune reported on an example of such an attack: A hacktivist sent anti-Semitic messages to thousands of printers across the country. The hacker identified over a million printers that were hooked up to the internet via unsecured connections, enabling him to access and commandeer the machines.
Organizations must take the time to configure these devices appropriately, ensure connection security and monitor any unusual behavior. Network intrusion prevention systems and database security solutions can help detect if these non-PC-based machines are compromised, allowing you to respond quickly to the issue.
As IT infrastructure becomes more complex, organizations will be more likely to overlook critical endpoints when it comes to security. Mobile devices, printers and routers are machines that are widely used in corporate environments, but are often the least secure endpoints. Organizations must configure protection settings on this hardware and implement cyber security tools to identify potential threats and mitigate vulnerabilities.